Slashdot Mirror
Cops Are Now Opening iPhones With Dead People's Fingerprints (forbes.com)
An anonymous reader shares a report: In November 2016, around seven hours after Abdul Razak Ali Artan had mowed down a group of people in his car, gone on a stabbing spree with a butcher's knife and been shot dead by a police officer on the grounds of Ohio State University, an FBI agent applied the bloodied body's index finger to the iPhone found on the deceased. The cops hoped it would help them access the Apple device to learn more about the assailant's motives and Artan himself.
This is according to FBI forensics specialist Bob Moledor, who detailed for Forbes the first known case of police using a deceased person's fingerprints in an attempt to get past the protections of Apple's Touch ID technology. Unfortunately for the FBI, Artan's lifeless fingerprint didn't unlock the device. In the hours between his death and the attempt to unlock, when the feds had to go through legal processes regarding access to the smartphone, the iPhone had gone to sleep and when reopened required a passcode, Moledor said. He sent the device to a forensics lab which managed to retrieve information from the iPhone, the FBI phone expert and a Columbus officer who worked the case confirmed. That data helped the authorities determine that Artan's failed attempt to murder innocents may have been a result of ISIS-inspired radicalization.
Where Moledor's attempt failed, others have succeeded. Separate sources close to local and federal police investigations in New York and Ohio, who asked to remain anonymous as they weren't authorized to speak on record, said it was now relatively common for fingerprints of the deceased to be depressed on the scanner of Apple iPhones, devices which have been wrapped up in increasingly powerful encryption over recent years. For instance, the technique has been used in overdose cases, said one source. In such instances, the victim's phone could contain information leading directly to the dealer.
This is according to FBI forensics specialist Bob Moledor, who detailed for Forbes the first known case of police using a deceased person's fingerprints in an attempt to get past the protections of Apple's Touch ID technology. Unfortunately for the FBI, Artan's lifeless fingerprint didn't unlock the device. In the hours between his death and the attempt to unlock, when the feds had to go through legal processes regarding access to the smartphone, the iPhone had gone to sleep and when reopened required a passcode, Moledor said. He sent the device to a forensics lab which managed to retrieve information from the iPhone, the FBI phone expert and a Columbus officer who worked the case confirmed. That data helped the authorities determine that Artan's failed attempt to murder innocents may have been a result of ISIS-inspired radicalization.
Where Moledor's attempt failed, others have succeeded. Separate sources close to local and federal police investigations in New York and Ohio, who asked to remain anonymous as they weren't authorized to speak on record, said it was now relatively common for fingerprints of the deceased to be depressed on the scanner of Apple iPhones, devices which have been wrapped up in increasingly powerful encryption over recent years. For instance, the technique has been used in overdose cases, said one source. In such instances, the victim's phone could contain information leading directly to the dealer.
I'm not sure there is a 4th amendment issue here if the suspect is dead, as they would no longer have an expectation of privacy, and the item was found after the commission of a crime. I'm open to the possibility that I'm wrong on this, looking forward to hear arguments.
Taking guns away from the 99% gives the 1% 100% of the power.
You must be kidding. Why should anyone have access to anything you own after some arbitrary time limit? The mind boggles at the stupidity.
I stopped reading Forbes articles when they started requiring me to disable my adblocker.
Tell you what. If I'm murdered and the cops think there might be something on my phone that would tell them who murdered me, I'm cool with them using my finger to unlock it.
Why not?
systemd is Roko's Basilisk.
Trigger happy cops will now be happier. The dead will not resist that caps use its fingerprints to unlock their phone... :(
Proof gathered this way should be invalidated or else cops will be more inclined to kill the suspects to access more easily their phones
Dude. No. No cop I've ever known would kill a drug user just to get a line on the dealer. Climb out of the youtube-hate.
Tell you what. If I'm murdered and the cops think there might be something on my phone that would tell them who murdered me, I'm cool with them using my finger to unlock it.
Apropos of nothing, are you cool with them having an incentive for shooting you rather than taking you in, in order to get at your information?
A simple mask wouldn't work either, you appear to know nothing about FaceiD or technology. Oh you poor Apple Haters!
The mask (singular) you read about unlocking an iPhone X? It was rather complex, requiring a full 3D scan, IR photos of the area round the eyes placed exactly right, which also require a living subject to capture... how are you going to get that photo after they are dead? Your "point" in the end is just more Hater bullshit, pointless in relation to the current article and doing more to highlight your own ignorance and ineptness than relevancy.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
when I said that we should NOT do the fingerprint lock on the phone. I have to say that it will actually encourage somebody killing you, and taking your hand, or such as the police using it.
HOWEVER, where it DOES make sense, is for app access. IOW, once you have unlocked the phone, but an app, say credit card needs to be unlocked again, the finger print makes sense. Kind of wish that we could do say 1-3 prints for the key. That would truly limit the likelihood of somebody being able to use it.
I prefer the "u" in honour as it seems to be missing these days.
Apple FaceID requires the person have that smug look of self-importance. Dead faces all appear as Windows users to FaceID.
It would be nice if these devices automatically unlocked after some time limit, like 1 year.
That would imply an application Logic-based lock, but instead, these phones use cryptography so the passcode is required to decrypt the data; "Fingerprint" access only works while the key derived from the passcode is still in volatile memory, and once the phone sleeps or reboots or something, that memory is purged, and the decryption key needs to be supplied again.
If they didn't encrypt the data ---- then everything on your phone could potentially be stolen by a criminal attacking either Apple's servers or the phone itself and finding a flaw in the Logic-based lock.
...when you unlock it with my cold, dead hands.
I don't want my dead fingers to be more useful to the cops than my living fingers. That's a bad-mojo sort of incentive brewing right there.
I used to do TPM drivers for embedded systems, it's not that far fetched of a feature to time out when your TPM already has an NVRAM. From NVRAM it's simple to embed an RTC (simple but not free, increases costs by several cents and creates supply chain disruption by introduction of a new variant). There are other ways to deal with this problems as well, and I'm not married to this idea.
My main point is the solution that most of the people on slashdot demand is not really feasible. That solution being to do nothing to disrupt the status quo and lock devices down so that nobody, not even law enforcement, can get into the device. If you can't trust your police and legal system to not violate your rights on your cellphone, how can you trust them in any other aspect of your life? Fix the real problem of corruption and public distrust.
“Common sense is not so common.” — Voltaire
Body dead too long? Too bad. Get a warrant.
Druggie too stoned to give consent? Get a warrant.
Want to access my phone FOR ANY REASON? Get a fucking WARRANT.
Scruting the inscrutable for over 50 years.
You can't steal a password off someone's body, dead or alive.
"When information is power, privacy is freedom" - Jah-Wren Ryel
Police have had a solution to that one for years. It's why the 'no knock' warrant exists - they just need to convince a judge there is reason to believe the suspect will destroy evidence if given the opportunity.
If the police believe you have evidence at your home or on your person, they will get a warrant to search you. But if they believe the evidence is easily destroyed - a phone you can lock, or documents you can burn - then they will break into your home while you are at work. Or smash the door down and force everyone to the floor at gunpoint. Or you'll be walking down the street one moment, and the next two plainclothes officers have snuck up behind you and are pinning you against the wall while they get the cuffs on.
Recall the Dread Pirate Roberts arrest? Police knew his laptop would lock if he closed the lid, so they had to arrest him while he had it open. They used an officer posing as a waitress to get close enough without arousing suspicion, who pinned him to the floor while another ran in to grab the laptop.
This isn't something new. The legal system had had solutions for many years to address the problem of suspects who may destroy evidence if they know they are about to be arrested.
In that case Martin Shkreli's face can probably unlock any apple phone with FaceID enabled.
Most people use their phones hundreds of times a day for many hours. Most people use a coffee mug 1-2 times a day for maybe 30 minutes max.
Who uses a coffee mug 1-2 times/day? Once to brew followed by one huge, scalding gulp? I use my coffee mug for about 8 hours a day. Part of that time I use it to sip coffee; the rest of the time I use it to hold coffee. I use my phone intermittently between 4-9 PM to play Words With Friends, browse Facebook, chat/SMS, and occasionally to make or receive a phone call. Am I that unusual?
He's getting rather old, but he's a good mouse.